<?php ob_start();session_start();
$user=$_POST["txtUserName"];
$pass=md5($_POST["txtPassword"]);
include("../../Connections/connect_admin.php");
$query1="select * from user where IsDeleted=0 and UserName='$user'";
$result=mysql_query($query1);
if(mysql_num_rows($result)>0)
{
	$usercheck=mysql_fetch_assoc($result);
	if($usercheck["Password"]!=$pass)
	{
		$e=1;
		header('location:../Login.php?e='.$e);
	}
	else
	{
		if(intval($usercheck["IsActive"])!=1)
		{
			$e=2;
			header('location:../Login.php?e='.$e);
		}
		else
		{
			$_SESSION["username"]=$user;
			$_SESSION["avatar"]=$usercheck["Image"];
			$query="UPDATE `user` SET NumLogin=NumLogin+1, LastDateLogin=NOW()  WHERE UserName ='".$user."'";
			mysql_query($query);
			if(isset($_POST["remember"])&&$_POST["remember"] ==1)
			{
				setcookie("AdminUser",$user,time()+(15*24*60*60));
				setcookie("AdminPass",$_POST["txtPassword"],time()+(15*24*60*60));
			}
			else
			{
				setcookie("AdminUser",$user,time()-1);
				setcookie("AdminPass",$_POST["txtPassword"],time()-1);
			}
			//Load quyền
			$sql="SELECT distinct r.RoleID FROM `user` u INNER JOIN grouprole_user gu ON gu.UserName = u.UserName INNER JOIN grouprole g ON g.GroupRoleID = gu.GroupRoleID INNER JOIN grouproledetail g2 ON g2.GroupRoleID = g.GroupRoleID INNER JOIN `role` r ON r.RoleID = g2.RoleID  WHERE r.IsDeleted=0 AND g.IsDeleted=0 AND u.UserName='$user' ";
			$roles=array();
			$result2=mysql_query($sql);
			$j=0;
			while($item=mysql_fetch_assoc($result2))
			{
				$roles[$j]=$item['RoleID'];
				$j++;
			}
			$_SESSION["myrole"]=$roles;
			header('location:../HomePageAdmin.php?rem='.$_COOKIE["AdminUser"]);
		}
	}
	
}
else
{
	$e=0;
	header('location:../Login.php?e='.$e);
}


?>